e$: NSA Fluffy FUD?

-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

I just got off the phone with a reporter who was interviewing me for a comment in the paper on Cybercash's "CyberCoin" mini-money protocol. My comment was that I hadn't paid much attention to it, because I figured it was yet another book-entry system, but, since he e-mailed me ahead of time, I went to look at their FAQ on the web, and, yup, sure enough, it was yet another book-entry system. :-).

For the record, I have no problems with Cybercash, themselves. If anyone's going to do a book-entry system, it might as well be Cybercash.

What? What about CyberCoin? Oh. Yeah. CyberCoin. Well, the best way I can figure, it's a transaction accumulator for either your credit card or debit card, like First Virtual does for small transactions, only it settles way much quicker, like less than 90 days. :-).

On the privacy standpoint, it hides transactions from the merchant, which is cool, but not from the bank, which is not cool. What do you expect from a book-entry system? ;-). Cybercash at least makes no claims for anonymity, unlike other transaction systems who will remain nameless...

Cybercash is at <http://cybercash.com> if you want more details.

Almost as an afterthought, the reporter said that someone at the NSA had cranked out a for-public report, which he had just gotten a fax of, decrying the susceptibility of digital bearer certificate issuers in general, digital cash issuers in particular, to rubber-hose attacks on their private keys. The "Print off a trillion dollars in digimarks, buddy, or we'll kill 'Fluffy', your cat, here..." scenario. Maybe we can call it a Fluffy-the-cat attack...

The first time I heard of this old chestnut, of course, was from the lips of Nathaniel Borenstein, who was pushing First Virtual rather strenuously at the time, as a solution to that problem, among others, up to, but not including, dandruff and world peace.
This was before he invented the keyboard sniffer, so I was actually listening to him, in those days. :-). Now it seems the NSA has picked up Nathaniel's fumbled ball and is running with it for all they're worth.

Of course, the best way to deal with this from a technical standpoint is not technically, of course, but with a market model: one with lots of issuers, trustees, protocol designers, software developers, buyers and sellers, in one great big robust, happy, many-to-many competitive clusterfuck of digital commerce. Not to mention, of course, expiry dates on the digital bearer certificates themselves.

Anyway, has anyone *else* seen this apocryphal NSA paper yet? Is it on the web? I'm sure (he said, volunteering someone else's services unasked yet again) that someone like John Young would be interested in seeing that fax...

So, the reporter asks, do I think that Citicorp should get into the business of issuing digital cash?

Well, I guess not. Not according to the NSA, anyway, especially if John Reed has a cat named 'Fluffy'.

Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b3

iQCVAwUBMlBBLfgyLN8bw6ZVAQENFQP9HKP1TdH27b7e2oruWFK1uc/aALOWPPUy
jU+zCS+xUgYwdTlFiI2+6xD/jiylU9Twf6rgX63NQ3JNl1rQhmVW8wIhArgbakkg
3/zxWeMJ+Bc/1N0t+XsHdB3MQ07HygaPyjKED73Exy2uO60XuY8Je2isM4fr2B4d
85OeDCb606Q=
=61Gj
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/